// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Author: Markus Gutschke

#ifndef SSL_H__
#define SSL_H__

#include <stdint.h>
#include <sys/types.h>

#if defined(USE_AXTLS)
#include "ssl_axtls.h"
#elif defined(USE_GNUTLS)
#include "ssl_gnutls.h"
#elif defined(USE_NSS)
#include "ssl_nss.h"
#elif defined(USE_OPENSSL)
#include "ssl_openssl.h"
#elif defined(USE_POLAR)
#include "ssl_polar.h"
#else
#error Did not specify any SSL library
#endif

// TODO: The SSL backends do not actually verify the server certificate. For
//       many of the anticipated use cases, this is a perfectly reasonable
//       decision. The code is running on trusted networks, and key management
//       would potentially be a problem for static firmware. But there are
//       obviously other deployment scenarios where the threat model warrants
//       certificate checking. We should offer a compile-time option to enable
//       a CA database.

struct SSL;
struct SSLHandle;

struct SSL *newSSL(void);
void initSSL(struct SSL *ssl);
void destroySSL(struct SSL *ssl);
void deleteSSL(struct SSL *ssl);
struct SSLHandle *openSSLHandle(struct SSL *ssl, int fd);
void closeSSLHandle(struct SSLHandle *handle);
ssize_t SSLread(struct SSLHandle *handle, char *buf, size_t sz);
ssize_t SSLwrite(struct SSLHandle *handle, const char *buf, size_t sz);

#endif  // SSL_H__
